BEC Scams Amount to $3 billion According to Latest FBI PSA

The FBI has released an updated public service announcement about the sudden spike in pernicious business email compromise (BEC) scams. According to the announcement (I-061416-PSA), which includes new Internet Crime Complaint Center (IC3) complaints and updated statistical data, BEC has continued to grow, evolve, and target businesses of all sizes. According to the new data set, BEC schemes have caused US$3 billion in damages to domestic and international victims.

[READ: The Numbers Behind BEC Scams]

According to the FBI, from October 2013 through May 2016, US and foreign victims reported 22,143 BEC-related cases, resulting in a 1300% increase in identified losses since January 2015. Following Predator Pain, Limitless, and Hawkeye, Olympic Vision was the fourth malware used in a BEC campaign and was found to have targeted 18 companies in the US, Middle East, and Asia. Attackers behind this campaign used Olympic Vision, a keylogger purchased online for $25 that came as an attachment in emails. Once the attachment is opened, a backdoor is installed that infects the victim’s system and steals vital information.

In May 2016, Fischer Advanced Composite Components AG (FACC), an Austrian aeronautics company, reported being swindled out of a record 42 million euros (around $47 million) through a spear-phishing attack. According to reports, the incident occurred last January and involved a fake email disguised as coming from its former CEO Walter Stephan, conning one of FACC’s financial department employees into wiring 50 million euros that was supposedly for one of the company’s acquisition projects. Fortunately, FACC was quick to realize that it was being tricked, immediately implemented countermeasures, and was able to successfully transfer 10.9 million euros on the recipient accounts. The rest of the money, unfortunately, had already been wired to Slovakia and across Asia.

[READ: Austrian aeronautics company loses 42 million euros to BEC scam]  

The recent increase in BEC-related incidents is partly attributed to the effort made by law enforcement agencies to categorize these scams separately as “BECs,” where the business and not the customer is targeted, rather than as generic wire fraud. Based on the FBI’s data, the BEC statistics reported to the IC3 from October 2013 to May 2016 show that the sharp jump in cases is becoming a serious problem. Mitchell Thompson, Supervisory Special Agent and head of the financial cybercrimes task force at the FBI, advises businesses to notify the FBI immediately if they find that they have been victimized by a BEC scam so the bureau can work with the involved parties to freeze funds before fraudsters obtain the stolen money. “The sooner somebody reports this to the FBI, the better the possibility they can get their money back,” he said.

For more on protecting your organization from BEC schemes, read Battling Business Email Compromise Fraud: How Do You Start?

Trend Micro products protect medium and large enterprises from this threat. Malware in BEC-related emails is blocked by the endpoint and email security capabilities of the Trend Micro Smart Protection Suites and Network Defense solutions. The InterScan Messaging Security Virtual Appliance, with enhanced social engineering attack protection, provides protection against socially-engineered emails used in BEC attacks. The Deep Discovery Analyzer found in the Trend Micro Network Defense family of solutions helps detect advanced malware and other threats that come in via email.